Deep Dive

How Nexion works

Nexion turns age, region, eligibility, and crypto onboarding rules into wallet-based Pass/Fail checks with signed policy receipts, plugged into your existing auth and access stack.

This page walks through the end-to-end flow, where Nexion sits in your architecture, and how platforms, developers, and users experience it day to day.

Talk to us Go to developer docs

Architecture

Where Nexion fits in your stack

Nexion is a wallet-based policy verifier that sits alongside your identity provider, crypto wallet integrations, and permissions model.

It doesn't replace your IdP, directories, or RBAC/ABAC systems:

Your IdP (or wallet login) still creates identities and sessions
Nexion verifies whether a user currently meets a given policy at signup, sign-in, or before a sensitive flow
Your own systems continue to manage roles, balances, and business logic

In most deployments: Nexion is called as a policy step before high-risk features, not as a rip-and-replace project for your entire auth stack.

The Process

End-to-end flow

One-time, high-assurance issuance

The user completes a one-time eKYC check in the Nexion wallet (document, biometric, liveness via vetted providers). The wallet receives a verifiable credential like "over 18" or "resident of country X". Raw ID and identity fields stay in the wallet, not in your systems.

Policy check during sign-in or access

Your app asks the wallet to prove a rule (age, region, eligibility). The wallet evaluates it on-device, then returns a verifier-bound presentation via OID4VP. Your backend logs a Pass/Fail decision plus a signed policy receipt.

Reuse and keep rules current

On return visits, a passkey proves same-person-same-device, and the wallet re-evaluates against your current policies. Your logs keep outcomes and receipts, not raw identity data. Policy changes apply on-device at the next check.

See how these steps map to age-gated content, region-locked features, and crypto onboarding →

Experience

User journey

What users do

1
Set up the wallet once with ID + selfie
2
Receive a credential ("over 18", "passed KYC")
3
Sign in with a passkey on supported devices
4
Policies check automatically on regulated flows

From the wallet, users can see where their credential was used and revoke a device if it is lost.

What your product does

Redirect new users to wallet issuance once
Request policy proofs at sign-up, sign-in, or before sensitive actions
Consume Pass/Fail + receipts in your existing logs
Surface block reasons when needed ("region not allowed", "limit exceeded")

Integration

Developer experience

Nexion is designed to feel like any other well-documented infrastructure dependency: SDKs for major platforms, clear APIs for policies and receipts, and simple JSON objects that drop into your existing observability and risk stack.

SDKs and quickstarts

Client SDKs for Web, iOS, and Android
Server libraries for common web2 and web3 stacks
Test sandboxes that simulate issuance and policy checks

What you integrate

Policy APIs instead of hand-rolled rules per product
Callbacks and webhooks for backend notifications
JSON receipts ready for logs, analytics, case management

For detailed integration examples and code snippets, see the Developers section.

FAQ

Flow & integration FAQ

What changes in our login and access flows?

You add a policy step before sensitive flows. For a new user, that means redirecting them to complete issuance in the wallet once. For returning users, it means a passkey sign-in and background policy checks, with decisions and receipts flowing into your logs. You keep your existing identity provider, sessions, and permissions model; Nexion handles the policy proof.

Does Nexion replace our identity provider or crypto wallet?

No. Nexion complements them. Your IdP or crypto wallet continues to manage identities and sessions; Nexion verifies whether a given identity currently meets your policies (such as age, region, eligibility, or KYC status) and issues receipts you can reuse across audits and products.

Where do we handle fine-grained permissions?

Fine-grained permissions, entitlements, and trading rules remain in your own systems. Nexion handles the "Are they allowed to be here at all?" questions, such as legal age, jurisdiction, KYC status, or eligibility, while your product logic and RBAC/ABAC handle what the user can do once inside.

Have a flow that doesn't fit neatly into these patterns? Talk to us and we'll map your policies onto the model.

How Nexion works

Nexion turns age, region, eligibility, and crypto onboarding rules into wallet-based Pass/Fail checks with signed policy receipts, plugged into your existing auth and access stack.

This page walks through the end-to-end flow, where Nexion sits in your architecture, and how platforms, developers, and users experience it day to day.